mono-infrastructure/ansible/playbooks/tasks/gitlab-reconfigure.yml

65 lines
1.6 KiB
YAML
Raw Normal View History

---
2021-07-18 22:02:50 +00:00
- name: Copy certificates from ipa-getcert directory
copy:
2021-07-18 22:02:50 +00:00
src: "/etc/pki/tls/certs/{{ gitlab_domain }}.crt"
dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
owner: gitlab-www
group: root
mode: '0644'
2020-12-18 08:17:53 +00:00
remote_src: true
2021-07-18 22:17:49 +00:00
when: "not gitlab_create_self_signed_cert|bool"
2021-07-18 22:02:50 +00:00
- name: Copy keys from ipa-getcert directory
copy:
2021-07-18 22:02:50 +00:00
src: "/etc/pki/tls/private/{{ gitlab_domain }}.key"
dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
owner: gitlab-www
group: root
2021-07-18 22:02:50 +00:00
mode: '0600'
2020-12-18 08:17:53 +00:00
remote_src: true
2021-07-18 22:17:49 +00:00
when: "not gitlab_create_self_signed_cert|bool"
2020-12-18 07:39:37 +00:00
- name: Symlink the IPA CA
file:
src: "/etc/ipa/ca.crt"
2020-12-18 08:17:53 +00:00
dest: "/etc/gitlab/trusted-certs/ipa-ca.crt"
2020-12-18 07:39:37 +00:00
owner: root
group: root
state: link
- name: Turn on necessary SELinux booleans
ansible.posix.seboolean:
name: "{{ item }}"
state: true
persistent: true
loop:
- httpd_can_network_connect
- httpd_can_network_relay
2021-01-18 01:49:28 +00:00
- httpd_can_connect_ldap
- httpd_read_user_content
2021-07-18 22:02:50 +00:00
- name: Reconfigure gitlab is we're asked to
command: /usr/bin/gitlab-ctl reconfigure
register: gitlab_ctl_result
changed_when: "gitlab_ctl_result.rc == 0"
when:
2021-07-18 22:17:49 +00:00
- "gitlab_reconfigure_only is defined and (gitlab_reconfigure_only|bool)"
- name: Add firewall rules - http/s
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: enabled
immediate: true
loop:
- http
- https
2021-07-18 22:02:50 +00:00
- name: Deploy correct script
template:
src: "usr/local/bin/fix_gitlab_certs.sh"
dest: "/usr/local/bin/fix_gitlab_certs.sh"
owner: root
group: root
mode: '0750'